We've had roughly 1 security hole found per 2 years. XSS vulnerabilities are mostly avoided as we develop on our own version of PHP that can detect unfiltered output. Other kinds of vulnerabilities are avoided through creating a framework that side-steps them. Attempts by hackers are often autodetected by ocPortal and the hacker IPs automatically banned.

If not, please let us know how we can do better (please try and propose any bigger ideas in such a way that they are fundable and scalable).

If so, please let others know about Composr whenever you see the opportunity or support me on Patreon.

If my reply is too Vulcan or expressed too much in business-strategy terms, and not particularly personal, I apologise. As a company & project maintainer, time is very limited to me, so usually when I write a reply I try and make it generic advice to all readers. I'm also naturally a joined-up thinker, so I always express my thoughts in combined business and technical terms. I recognise not everyone likes that, don't let my Vulcan-thinking stop you enjoying Composr on fun personal projects.

If my response can inspire a community tutorial, that's a great way of giving back to the project as a user.